1. Field of the Invention
This invention is in the field of computer and information systems. More specifically, it relates to hardware devices, such as smart cards and signature devices that authenticate a user of a system. These systems use biometric characteristics that are unique to an individual user. Fingerprint identification is one example of such devices. Signature verification is another such characteristic unique to a specific user.
2. Description of the Prior Art
The nineteen eighties and nineties have seen enormous developments in computers, communications, networks, Internet, and the World Wide Web (Web). The Internet and the Web, in particular, have allowed people from anywhere in the world to connect instantaneously to others on the Web. Remote operation of devices and remote access to information from anywhere globally is now possible.
This ability to connect anywhere into a network of computers has given rise to problems of security. Several types of computer attacks are now possible due to this open connectivity. Hackers can connect into your network and wreak havoc on the system. Adversaries can gain access to information and use it in unintended ways against the original owners. Adversaries can even shut down systems or turn them against the owners. The miscreants and adversaries can be from within an organization's network or from outside a network. After several serious attacks on vital systems, Information Systems Security has been recognized as a real and serious issue.
Security of information, by itself, is nothing new. People, organizations, businesses, and governments have been guarding information for a long time. Cryptography, encryption, and other forms of safeguarding information have been in vogue for many centuries.
One of the facets of information security consists in identifying a user as who he/she claims he/she is. Use of a password to identify a person has long been accepted as a reasonable method of authorization of a user. However, as computer systems are increasingly applied to vital information (e.g. defense and financial systems), mere password protection of systems is unacceptable. Moreover, hackers and abusers are becoming increasingly sophisticated at discovering (spoofing) passwords. They are able to break system security and gain entry to systems.
When users and system administrators deal with multiple systems and individual passwords for each system and application, the verification and authentication process becomes highly complicated. Fearing that they might forget their passwords, people tend to write their passwords in some file and expose their information and the systems to security risks. To avoid such risks, fingerprints are seen as identification marks for all systems and applications that one is allowed access to.
Use of biometric devices has been accepted as a more secure method of user identification. Finger prints, face prints, eye prints, and voice prints are some of the examples of an individual's characteristics now being used for identification purposes. Currently, many commercial developments are on the market.
American Biometric Company, Ottawa Canada has developed a system, called BioMouse that authenticates a rightful user and prevents other intruders into a system. New biometric sensors from Phillips Flat Display Systems, San Jose, Calif. and Who? Vision Systems Inc., Lake Forest, Calif., ensure that only authorized users can access portable computing and consumer electronic products. The thin devices can be integrated into mobile phones and personal computers.
Smart-card acceptance is expected to surge over the next year as hardware vendors, responding to increased demand for enterprise security, install smart-card readers into hardware. The cards will store X.509 certificates for user authentication, using Gemplus Corporation smart card systems. Smart-card manufacturers, such as Baltimore-based Information Resource Engineering Inc., are pushing the technology envelope. According to this report, the market for the smart-cards will jump from $941 million in 1997 to $4.7 billion in 2002. Users place the card in the reader and a finger on the silicon chip on the card. The chip will take a 300-point snapshot of the fingerprint and permanently store it in that card. From that point, the card won't activate unless it receives that image. The card also stores a private key that is used in public key exchanges with servers to add another layer of user authentication and encryption.
Biometric vendors are looking to jump-start their market with cheaper and more effective technologies geared for PCs. Verdicom will show a fingerprint recognition module that uses a Universal Serial Bus, PCMCIA or a parallel port to connect to PCs. The Santa Clara, Calif. company's FPS 100 fingerprint chip, which costs $30 in volume, will be used in notebooks from Acer America Inc., Hewlett-Packard Co., and NEC Computer Systems Division. WhoVision, of Lake Forest, Calif., will demonstrate keyboards from Mag Innovision Inc. that use its fingerprint sensor technology. SAFLink, of Tampa, Fla., will release a new desktop application called SAFty (Secure Authentication Facility) Latch. SAFty Latch will enable users to employ voice recognition technology to encrypt desktop files with the Blowfish symmetric algorithm. Visionics, of Jersey City, N.J., will demonstrate FaceIT NT, its facial recognition software. IrisScan, of Mount Laurel, N.J., will ship its new PC Iris product.
Compaq's FIT (Fingerprint Identification Technology) examines what are called fingerprint minutiae: the contours and points unique to each fingerprint. FIT stores the minutiae-point pattern in an NT database in the same place as authentication passwords.
ApproveIT 3.5 for Office 3.5 helps you capture and authenticate electronic signatures. The result is that you can have binding approval cycles with individuals' signatures and verify that documents have not been altered in unauthorized ways. These are important in specific applications such as those in legal and regulatory industries, where document approval is part of an audit trail or approval process. Organizations that are both concerned with document security and trying to "go paperless" have this tool from Silanis Technology Inc.
It is an object of the invention to provide the following benefits over conventional cards, devices and systems: two fingerprints add greater security; fingerprint images are carried by the user and are not (necessarily) stored in any computer system; fingerprint images are not output at any time; an encrypted signal is sent to the access processor; the encrypted signal is sent only upon verification of the authenticator's signature; the pen design makes it easy to carry around and sign key legal and financial electronic documents; it can also record signature numbers and what documents they were placed on; no third party sees the actual fingerprint or the actual signature, thus avoiding chances of forgery on paper documents. The result of the invention is that a high degree of mutual security of the card or pen and the access processor from each other is maintained.
The invention embodied by the card has several component modules. There are two capacitance grids to simultaneously convert fingerprint images of the thumb and pointing finger into an electrical signal. There is authenticator software of a Certifying authority for authenticating the user name, User ID, and finger prints. There is an authenticator signature storage to authenticate the agency's electronic signature. Also provided is an image processor to process the fingerprint image(s) with the authenticator's signature algorithm and an access signal generator to gain access to the connected machine. The system has image storage for the encrypted electronic image of the fingerprints and data storage for encrypted user data as well as a power supply to operate card circuits.
The operation of this card system is in two phases. In the "Authentication Phase", a blank card is connected to the authenticator by inserting it into an appropriate connector interface and user data is entered into the authenticator's machine. The user holds the card so that impressions of the thumb and index finger are picked up by the capacitance grids. Next, the authenticator algorithm is loaded and the authenticator's signature is stored. Using the authenticator algorithm, the fingerprints are processed into resulting encrypted images. User data is stored in the user data storage and the encrypted fingerprint images are stored in the image storage. At the end of the "Authentication Phase", the user then has a card with his/her personal details and fingerprint images duly authenticated and encrypted.
Next comes the "Access Phase" in which the user inserts his/her pre-authenticated card into the access processor machine interface and user data is entered into the authenticator's machine. The Authenticator and access processor check that they are compatible; if they are not, further processing is discontinued and access is denied by the access processor. If they are compatible, the user data is then compared. If there is a match, the user's impressions of the thumb and pointing finger are picked up by the capacitance grids. The Authenticator's signature is loaded into the algorithm. Using the authenticator algorithm and signature, the fingerprints are processed into images. The encrypted fingerprint images are retrieved from the image storage and compared to the processed current images. If the images match, an access signal is generated. The access signal is sent to the access processor machine and, if there is a match, access is granted.
In summary, although computer and information systems have made enormous strides, security issues may impede further progress of these systems. We are positioned at the dawn of a great information revolution in the form of Internet and Web. Highly reliable and easy to use security systems are needed to fully realize the fruits of this impending revolution. With the instant invention, people can enhance their identification security and authentication of documents.
American Biometrics Company claims a False Acceptance Rate (FAR) of 1 in 300 for their device. False acceptance is the condition when a wrong person is identified as the acceptable person. By processing two fingerprints in parallel, as suggested by the inventor, the FAR value can be decreased by several orders of magnitude. When the acceptance condition is that both fingerprint signals be passed, the combined FAR value will be a product of the individual FAR values. That means the resulting FAR will be 1 in 300 times 1 in 300, or it will be 1 in 90,000, an improvement of 2 to 3 orders of magnitude. That is a much better protection against intruders.
American Biometrics Company claims a False Rejection Rate (FRR) of 1 in 10,000 for their devices. False rejection is a condition where the right person is rejected owing to inadequacies of the signal resolution. When a combination of two fingerprints is used, the FRR improves by four orders of magnitude.
When the authentication conditions include a combination of two fingerprints and a signature, the FAR and FRR improve tremendously.
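The combined error rates discussed above can be worked through exactly for any "at least k of n matchers must accept" rule. The following is an added example, not part of the original text: it assumes the matchers err independently, the function names are hypothetical, and the signature matcher's rates are constructed values since the text gives none.

```python
from fractions import Fraction


def accept_count_dist(p_accept):
    """Distribution of how many matchers accept, given each matcher's
    independent acceptance probability (Poisson binomial, built by DP)."""
    dist = [Fraction(1)]
    for p in p_accept:
        nxt = [Fraction(0)] * (len(dist) + 1)
        for count, mass in enumerate(dist):
            nxt[count] += mass * (1 - p)      # this matcher rejects
            nxt[count + 1] += mass * p        # this matcher accepts
        dist = nxt
    return dist


def fused_rates(fars, frrs, k):
    """(FAR, FRR) when access requires at least k matchers to accept."""
    impostor = accept_count_dist(fars)                   # impostor passes w.p. FAR
    genuine = accept_count_dist([1 - r for r in frrs])   # owner passes w.p. 1-FRR
    far = sum(impostor[k:], Fraction(0))   # impostor reaches k accepts
    frr = sum(genuine[:k], Fraction(0))    # owner falls short of k accepts
    return far, frr


# Per-finger rates quoted in the text.
FAR = Fraction(1, 300)
FRR = Fraction(1, 10_000)
# Constructed (assumed) rates for a signature matcher; not from the text.
SIG_FAR = Fraction(1, 100)
SIG_FRR = Fraction(1, 50)


def two_finger_rules():
    """Both acceptance rules for thumb plus pointing finger."""
    return {
        "both fingers must match": fused_rates([FAR, FAR], [FRR, FRR], 2),
        "either finger may match": fused_rates([FAR, FAR], [FRR, FRR], 1),
    }


if __name__ == "__main__":
    rules = two_finger_rules()
    rules["two fingers and signature"] = fused_rates(
        [FAR, FAR, SIG_FAR], [FRR, FRR, SIG_FRR], 3)
    for rule, (far, frr) in rules.items():
        print(f"{rule:27s} FAR = {float(far):.3e}  FRR = {float(frr):.3e}")
```

Under these assumptions, requiring both fingers gives the 1 in 90,000 FAR while the FRR becomes about 2 in 10,000; the product of the two FRR values (1 in 100,000,000) is what results when either finger alone is accepted, and that rule raises the FAR to about 1 in 150.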